Creating a Session

This use case provides an example of using Oracle Identity Cloud Service to create a session after authentication, such as after authenticating using MFA.

Note:

Use this Authenticate API only if you're building your own end-to-end login experience by developing a custom sign-in application to be used by Oracle Identity Cloud Service.

Note:

This Authenticate API can't be used to integrate your applications with Oracle Identity Cloud Service for single sign-on purposes.

Note:

See the other use cases in Using the Authenticate API for information on using the Authenticate API.

Submit the authnToken and the requestState as a FORM POST when the client is done with authentication and MFA, and needs to create a session. For this step, createSession must be listed as a nextOp attribute value in the last response received, and the FORM POST must include one of the following attributes.

For /sso/v1/sdk/secure/session endpoint:
  • requestState: received in the last response

    OR

  • authnToken: received in the last response

    AND

  • authorization: parameter required for secure session

Request Example

The following is an example of the contents of the FORM POST to the /sso/v1/sdk/secure/session endpoint:

requestState=value&authorization=<client sign-in access token>
OR
authnToken=<value received from a previous response>&authorization=<client sign-in access token>

Response Example

The following example shows the contents of the response in standard HTTP format:

HTTP/1.1 302 See Other
Date: Tue, 30 Oct 2018 04:40:05 GMT
Content-Length: 0
Connection: keep-alive
Pragma: no-cache
Location: https://tenant-base-url/idp/sso (Example URL)
Set-cookie: ORA_OCIS_REQ_1=+fxgW2P7bgQayiki5P;Version=1;Path=/;Secure;HttpOnly
Expires: Sat, 01 Jan 2000 00:00:00 GMT
X-xss-protection: 1; mode=block
X-content-type-options: nosniff

If createSession isn't listed as a value for the nextOp parameter in the last received response, you may need to create a token before creating a session. If createSession is listed as a value for nextOp, the sdk/session endpoint can be called directly using only the requestState.

Request Example

The following example shows the token request to the /sso/v1/sdk/authenticate endpoint in JSON format:

{
   "op":"createToken",
   "requestState":"{{requestState}}"
}

Response Example

The following example shows the contents of the response in JSON format:

{
    "authnToken":"eyJraWQiOiJ....4IacnWKSQ",
    "status":"success"
}

The server checks that no other factor evaluation is needed. If no other evaluation is required, the token is sent in the response.
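
The decision described above (post to the session endpoint when createSession is offered or a token has been issued, otherwise request a token first) can be sketched as follows. This is an added example, not Oracle's code: it assumes nextOp arrives as a JSON array, `build_next_request` is a hypothetical helper, and the sample responses are constructed placeholders.

```python
import json
from urllib.parse import urlencode

SESSION_PATH = "/sso/v1/sdk/secure/session"     # endpoint named on this page
AUTHENTICATE_PATH = "/sso/v1/sdk/authenticate"  # endpoint named on this page


def build_next_request(last_response, sign_in_token):
    """Return (path, content_type, body) for the call that follows last_response.

    Assumption: nextOp is a JSON array of operation names.
    """
    next_ops = last_response.get("nextOp") or []
    request_state = last_response.get("requestState")
    authn_token = last_response.get("authnToken")

    if authn_token:
        # A token was issued (for example by createToken): post it for a session.
        fields = {"authnToken": authn_token}
    elif request_state and "createSession" in next_ops:
        fields = {"requestState": request_state}
    elif request_state:
        # createSession is not offered yet: ask for a token first.
        body = json.dumps({"op": "createToken", "requestState": request_state})
        return AUTHENTICATE_PATH, "application/json", body
    else:
        raise ValueError("response carries neither authnToken nor requestState")

    fields["authorization"] = sign_in_token
    # urlencode percent-encodes '+', '/' and '=' so the server receives the
    # values byte-for-byte; an unencoded '+' would be decoded as a space.
    return SESSION_PATH, "application/x-www-form-urlencoded", urlencode(fields)


# Constructed sample responses; every value is a placeholder.
MFA_DONE = {"status": "success", "nextOp": ["createSession"],
            "requestState": "aB+c/dE9=="}
NO_SESSION_OP = {"status": "success", "nextOp": ["createToken"],
                 "requestState": "aB+c/dE9=="}
TOKEN_ISSUED = {"authnToken": "hdr.pay+load.sig", "status": "success"}

if __name__ == "__main__":
    for sample in (MFA_DONE, NO_SESSION_OP, TOKEN_ISSUED):
        print(build_next_request(sample, "client-sign-in-access-token"))
```

Because requestState and authnToken values can contain `+`, `/` and `=`, building the FORM POST body by string concatenation risks sending a value the server no longer recognizes.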